General
Target: 18969595bd5c463ae5ca0213159c3b456189e63e4434f86acef0d3a14ef5e0b8
Size: 157KB
Sample: 221127-t5d2hacb26
MD5: d8dbb3cb18541dd275dcf63dfa574e58
SHA1: adaeea4969998f2eac5967e58592fdd3865bb973
SHA256: 18969595bd5c463ae5ca0213159c3b456189e63e4434f86acef0d3a14ef5e0b8
SHA512: d4a83ceb3152654dbc5cd1b9e5bd862fc70ce4948cca441df23dc33ae8aee5bbe5c0f440a924fbe0fc0955793a4dd6f6801c2ce411123dbee4f5587e34242309
SSDEEP: 3072:d8VD0XzOJhtioGegPX2VVS/QYUardEvOzDHCSSxN/kD30CTdWZ:doD0XzOJhtiy62VYfEvYDHCTxOdTda
Static task: static1
Behavioral task: behavioral1
  Sample: 18969595bd5c463ae5ca0213159c3b456189e63e4434f86acef0d3a14ef5e0b8.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: 18969595bd5c463ae5ca0213159c3b456189e63e4434f86acef0d3a14ef5e0b8.exe
  Resource: win10v2004-20220901-en
Malware Config
Extracted
Family: njrat
Version: 0.7d
Botnet: No Mix
C2: kamikaz-hacke.zapto.org:9888
Mutex: e15878800989ffaf40bdb4376cc1ebca
reg_key: e15878800989ffaf40bdb4376cc1ebca
splitter: |'|'|
Targets
Target: 18969595bd5c463ae5ca0213159c3b456189e63e4434f86acef0d3a14ef5e0b8
Score: 10/10
Signatures
- Executes dropped EXE
- Modifies Windows Firewall
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext